]> git.datanom.net - qtadmin.git/blobdiff - quarantine.php
projects / qtadmin.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
First upload of wblist page
[qtadmin.git] / quarantine.php
diff --git a/quarantine.php b/quarantine.php
index 918637872f30a30e34d9015841dfe120c7ee0ad3..b6703d866c802ba867f55631ee32a9a8af82ae56 100644 (file)
--- a/quarantine.php
+++ b/quarantine.php
@@ -1,90 +1,126 @@
 <?php
 /* vim: set ts=4 tw=0 sw=4 noet: */
 <?php
 /* vim: set ts=4 tw=0 sw=4 noet: */
-       require_once 'config.php';
-       require_once $CFG->root . 'lib/db_factory.php';
-       require_once $CFG->root . 'lib/utils.inc.php';
+    require_once 'config.php';
+    require_once $CFG->root . 'lib/db_factory.php';
+    require_once $CFG->root . 'lib/utils.inc.php';
 
 
-       function error($error) {
-               $util = Utils::getInstance();
-               $util->setHeading("Error");
-               echo $util->getHeader();
-               echo $util->getHeading();
-               echo "<p style=\"color: red;\">$error</p>";
-               echo '<a href="index.php">Return</a>';
-               echo $util->getFooter();
-       }
+    function error($error) {
+        $util = new Utils;
+        $util->setHeading("Error");
+        echo $util->getHeader();
+        echo $util->getHeading();
+        echo "<p style=\"color: red;\">$error</p>";
+        echo '<a href="index.php">Return</a>';
+        echo $util->getFooter();
+    }
+
+    function handleRequest($util, $request, $ids) {
+        global $CFG;
+
+        $query = array();
+        foreach ($ids as $id) {
+            $mail_id = urldecode($id);
+            $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
 
 
-       $util = Utils::getInstance();
-       $loggedIn = $util->isLoggedIn();
-       $request = isset($_GET['op']) ? $_GET['op'] : '';
-       if ($loggedIn && isset($_GET['id'])) {
-        $mail_id = urldecode($_GET['id']);
-               $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
-               $secret_id = $mail->secret_id;
-               $recipient = $mail->recipient;
+            if (is_object($mail) && true == $util->authorized($mail->recipient)) {
+                $secret_id = $mail->secret_id;
+                $recipient = $mail->recipient;
+                $sender    = $mail->sender;
 
 
-               $query = array();
-               if ($request == 'release') {
-                       $amavisserver = $CFG->amavisd_db_host;
-                       $policy_port = $CFG->amavis_policy_port;
+                if ($request == 'release') {
+                    $amavisserver = $CFG->amavisd_db_host;
+                    $policy_port = $CFG->amavis_policy_port;
 
 
-                       $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
-                       if (!$fp) {
-                               error("$errstr ($errno)");
-                               exit;
-                       }
-                       $out = "request=" . $request . "\r\n";
-                       $out .= "mail_id=" . $mail_id . "\r\n";
-                       $out .= "recipient=" . $recipient . "\r\n";
-                       $out .= "secret_id=" . $secret_id . "\r\n\r\n";
-                       fwrite($fp, $out);
-                       $response = fread($fp, 8192);
-                       fclose($fp);
-                       $response = urldecode($response);
-                       if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
-                               error("Request to release failed [$out][$response]");
-                               exit;
-                       }
-                       if ($matches[1] != '2.0.0') {
-                               error($matches[2]);
-                               exit;
-                       }
+                    $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
+                    if (!$fp) {
+                        error("$errstr ($errno)");
+                        exit;
+                    }
+                    $out = "request=" . $request . "\r\n";
+                    $out .= "mail_id=" . $mail_id . "\r\n";
+                    $out .= "recipient=" . $recipient . "\r\n";
+                    $out .= "secret_id=" . $secret_id . "\r\n\r\n";
+                    fwrite($fp, $out);
+                    $response = fread($fp, 8192);
+                    fclose($fp);
+                    $response = urldecode($response);
+                    if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
+                        error("Request to release failed [$out][$response]");
+                        exit;
+                    }
+                    if ($matches[1] != '2.0.0') {
+                        error($matches[2]);
+                        exit;
+                    }
+
+                    $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
+                } else if ($request == 'delete') {
+                    $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
+                } else if ($request == 'block') {
+                    $query[] = $sender;
+                } else {
+                    error("Unknown operation [$request]");
+                    exit;
+                }
+            }
+        }
+
+        return $query;
+    }
 
 
-                       $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
-               } else if ($request == 'delete') {
-                       $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
-               } else {
-                       error("Unknown operation [$request]");
-                       exit;
-               }
-               $success = $DB->update($query);
-               if (! $success) {
-                       error("Message not released, contact administrator [$query]");
-                       exit;
-               }
-               header('Location: index.php');
+    $util = new Utils;
+    $loggedIn = $util->isLoggedIn();
+    $request = isset($_GET['op']) ? $_GET['op'] : '';
+    if ($loggedIn && isset($_GET['id'])) {
+        $ids = explode(',', $_GET['id']);
+        if ($request == 'block') {
+            // /add/(whitelist|blacklist)/(.+)
+            $query = handleRequest($util, $request, $ids);
+            $data = json_encode($query);
+            if ($util->isAdmin()) {
+                $method = '/add/blacklist';
+            } else {
+                $method = '/add/blacklist/' . $util->getUser();
+            }
+            $success = $util->makeRestCall($method, $data);
+        } else {
+            $query = handleRequest($util, $request, $ids);
+            $success = $DB->update($query);
+        }
+        if (! $success) {
+            if ($request == 'block') {
+                error("Could not blacklist sender");
+            } else {
+                error("Message not released, contact administrator [$query]");
+            }
+            exit;
+        }
+        header('Location: qtadmin.php');
     } else if ($loggedIn && $request == 'purge') {
     } else if ($loggedIn && $request == 'purge') {
-               $marked = unserialize($_SESSION['marked']);
-               unset($_SESSION['marked']);
-               $query = array();
-               $error = array();
-               foreach ($marked as $mail_id) {
-                       $query[] = "delete from msgs where mail_id = '$mail_id'";
-                       $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
-                       $query[] = "delete from quarantine where mail_id = '$mail_id'";
-                       $success = $DB->update($query);
-               if (! $success) {
-                               $error[] = $mail_id;
-                       }
-               }
-               if (count($error) > 0) {
-                       $str = implode(', ', $error);
-                       error("The following messages was not purged [$str], contact administrator");
-                       exit;
-               }
-               header('Location: index.php');
-       } else if ($loggedIn) {
-               header('Location: index.php');
+        $marked = unserialize($_SESSION['marked']);
+        unset($_SESSION['marked']);
+        $query = array();
+        $error = array();
+        foreach ($marked as $mail_id) {
+            $recipient = $DB->getRecipient($mail_id);
+            if ($recipient && true == $util->authorized($recipient)) {
+                $query[] = "delete from msgs where mail_id = '$mail_id'";
+                $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
+                $query[] = "delete from quarantine where mail_id = '$mail_id'";
+                $success = $DB->update($query);
+                if (! $success) {
+                    $error[] = $mail_id;
+                }
+            }
+        }
+        if (count($error) > 0) {
+            $str = implode(', ', $error);
+            error("The following messages was not purged [$str], contact administrator");
+            exit;
+        }
+        header('Location: qtadmin.php');
+    } else if ($loggedIn) {
+        header('Location: qtadmin.php');
     } else {
         header('Location: auth.php');
     }
     } else {
         header('Location: auth.php');
     }
An Amavisd qurantine administration interface
This page took 0.069867 seconds and 5 git commands to generate.